[sylpheed:34950] Re: accountrc windows
Hiroyuki Yamamoto
hiro-y at kcn.ne.jp
Wed Dec 14 17:53:41 JST 2011
Hello,
On Sun, 11 Dec 2011 23:30:44 +0200
Cristian Secară <liste at secarica.ro> wrote:
> On Sat, 10 Dec 2011 17:59:38 +0100, Tom Wiles wrote:
>
> > Now, if someone for some reason gains a read access to a windows
> > machine would be able to read all email password.
Because of this, the account setup dialog doesn't let users enter
password when creating an account since 3.0.
> Normally Sylpheed stores the user data under the user account
> directory. While your concern makes sense, a normal user gaining "a
> read access to a windows machine" does not automatically has read
> permissions under your user files, except if logged as you, or as
> administrator, or as some user configured with elevated access.
>
> Other thing, with the passwords either visible or somehow hidden, I
> don't see any difference. If the password is [either way] stored, I
> suppose that means the application is configured in "remember password"
> mode when fetching mail, so if someone launches Sylpheed while logged
> on your account, it will simply read any mail, no need to know any
> password.
>
> IMO this discussion may have sense only when combined to some master
> password when opening the program.
I have created an issue about master password, which I have thought of
for some time, on the Sylpheed BTS.
http://sylpheed.sraoss.jp/redmine/issues/8
Please feel free to discuss the specs and the implementation.
--
Hiroyuki Yamamoto <hiro-y at kcn.ne.jp>
More information about the Sylpheed
mailing list